hashicorp · ewbankkit · May 1, 2023 · Apr 23, 2023 · Apr 24, 2023 · May 1, 2023
@@ -0,0 +1,3 @@
+```release-note:new-data-source
+aws_vpclattice_auth_policy
+```
@@ -0,0 +1,73 @@
+package vpclattice
+
+import (
+	"context"
+
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/structure"
+	"github.com/hashicorp/terraform-provider-aws/internal/conns"
+	"github.com/hashicorp/terraform-provider-aws/internal/create"
+	"github.com/hashicorp/terraform-provider-aws/internal/verify"
+	"github.com/hashicorp/terraform-provider-aws/names"
+)
+
+// Function annotations are used for datasource registration to the Provider. DO NOT EDIT.
+// @SDKDataSource("aws_vpclattice_auth_policy", name="Auth Policy")
+func DataSourceAuthPolicy() *schema.Resource {
+	return &schema.Resource{
+
+		ReadWithoutTimeout: dataSourceAuthPolicyRead,
+
+		Schema: map[string]*schema.Schema{
+			"policy": {
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+			"resource_identifier": {
+				Type:     schema.TypeString,
+				Required: true,
+			},
+			"state": {
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+		},
+	}
+}
+
+const (
+	DSNameAuthPolicy = "Auth Policy Data Source"
+)
+
+func dataSourceAuthPolicyRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	conn := meta.(*conns.AWSClient).VPCLatticeClient()
+
+	resourceID := d.Get("resource_identifier").(string)
+	out, err := findAuthPolicy(ctx, conn, resourceID)
+
+	if err != nil {
+		return create.DiagError(names.VPCLattice, create.ErrActionReading, DSNameAuthPolicy, resourceID, err)
+	}
+
+	d.SetId(resourceID)
+
+	d.Set("policy", out.Policy)
+	d.Set("resource_identifier", resourceID)
+
+	// TIP: Setting a JSON string to avoid errorneous diffs.
+	p, err := verify.SecondJSONUnlessEquivalent(d.Get("policy").(string), aws.ToString(out.Policy))
+	if err != nil {
+		return create.DiagError(names.VPCLattice, create.ErrActionSetting, DSNameAuthPolicy, d.Id(), err)
+	}
+
+	p, err = structure.NormalizeJsonString(p)
+	if err != nil {
+		return create.DiagError(names.VPCLattice, create.ErrActionReading, DSNameAuthPolicy, d.Id(), err)
+	}
+
+	d.Set("policy", p)
+
+	return nil
+}
@@ -0,0 +1,80 @@
+package vpclattice_test
+
+import (
+	"fmt"
+	"regexp"
+	"testing"
+
+	sdkacctest "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-provider-aws/internal/acctest"
+	"github.com/hashicorp/terraform-provider-aws/names"
+)
+
+func TestAccVPCLatticeAuthPolicyDataSource_basic(t *testing.T) {
+	ctx := acctest.Context(t)
+	// TIP: This is a long-running test guard for tests that run longer than
+	// 300s (5 min) generally.
+	if testing.Short() {
+		t.Skip("skipping long-running test in short mode")
+	}
+	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+	dataSourceName := "data.aws_vpclattice_auth_policy.test"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			acctest.PreCheck(ctx, t)
+			acctest.PreCheckPartitionHasService(t, names.VPCLatticeEndpointID)
+			testAccPreCheck(ctx, t)
+		},
+		ErrorCheck:               acctest.ErrorCheck(t, names.VPCLatticeEndpointID),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		CheckDestroy:             testAccCheckAuthPolicyDestroy(ctx),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAuthPolicyDataSourceConfig_basic(rName),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestMatchResourceAttr(dataSourceName, "policy", regexp.MustCompile(`"Action":"*"`)),
+					resource.TestCheckResourceAttrPair(dataSourceName, "resource_identifier", "aws_vpclattice_service.test", "arn"),
+				),
+			},
+		},
+	})
+}
+
+func testAccAuthPolicyDataSourceConfig_basic(rName string) string {
+	return fmt.Sprintf(`
+data "aws_partition" "current" {}
+
+data "aws_caller_identity" "current" {}
+
+data "aws_vpclattice_auth_policy" "test" {
+  resource_identifier = aws_vpclattice_auth_policy.test.resource_identifier
+}
+
+resource "aws_vpclattice_service" "test" {
+  name               = %[1]q
+  auth_type          = "AWS_IAM"
+  custom_domain_name = "example.com"
+}
+
+resource "aws_vpclattice_auth_policy" "test" {
+  resource_identifier = aws_vpclattice_service.test.arn
+
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [{
+      Action    = "*"
+      Effect    = "Allow"
+      Principal = "*"
+      Resource  = "*"
+      Condition = {
+        StringNotEqualsIgnoreCase = {
+          "aws:PrincipalType" = "anonymous"
+        }
+      }
+    }]
+  })
+}
+`, rName)
+}
@@ -0,0 +1,34 @@
+---
+subcategory: "VPC Lattice"
+layout: "aws"
+page_title: "AWS: aws_vpclattice_auth_policy"
+description: |-
+  Terraform data source for managing an AWS VPC Lattice Auth Policy.
+---
+
+# Data Source: aws_vpclattice_auth_policy
+
+Terraform data source for managing an AWS VPC Lattice Auth Policy.
+
+## Example Usage
+
+### Basic Usage
+
+```terraform
+data "aws_vpclattice_auth_policy" "test" {
+  resource_identifier = aws_vpclattice_auth_policy.test.resource_identifier
+}
+```
+
+## Argument Reference
+
+The following arguments are required:
+
+* `resource_identifier` - (Required) The ID or Amazon Resource Name (ARN) of the service network or service for which the policy is created.
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `policy` - The auth policy. The policy string in JSON must not contain newlines or blank lines.
+* `state` - The state of the auth policy. The auth policy is only active when the auth type is set to AWS_IAM. If you provide a policy, then authentication and authorization decisions are made based on this policy and the client's IAM policy. If the Auth type is NONE, then, any auth policy you provide will remain inactive.